
We claim:

1. In a computing environment having a connection to a network, a computer program
product embodied on a computer readable medium readable by a computer in said environment,
for establishing a secure, low-overhead connection between a client application and a server
application using existing message types, said computer program product comprising:

computer-readable program code means for piggy-backing a request for a message
encoding scheme proposal onto a first message sent from said client application to said server
application, wherein said first message uses a first existing message type;

computer-readable program code means for piggy-backing a first portion of security
information onto a second message sent from said server application to said client application,

comprises a response to said request for a message encoding scheme;

information onto a third message sent from said client application to said server application,

computer-readable program code means for piggy-backing a third portion of security
information onto a fourth message sent from said server application to said client application,
wherein said fourth message uses a third existing message

type is a HyperText Transfer Protocol (HTTP) GET message, said second existing message type
is an HTTP REDIRECT message, and said third existing message type is a response to said
HTTP GET message.

3. The computer program product according to Claim 1, wherein said first existing message
type is a HyperText Transfer Protocol (HTTP) POST message, said second existing message type
is an HTTP REDIRECT message, and said third existing message type is a response to said
HTTP POST message.

4. The computer program product according to Claim 1, wherein said first existing message
type is a Wireless Session Protocol (WSP) GET message, said second existing message type is a
WSP REDIRECT message, and said third existing message type is a response to said WSP GET
message.

5. The computer program product according to Claim 1, wherein said first existing message
type is a Wireless Session Protocol (WSP) POST message, said second existing message type is a
WSP REDIRECT message, and said third existing message type is a response to said WSP POST
message.



6. The computer program product according to Claim 1, wherein:

said first message requests a secure page from said server application, wherein said secure
page request further comprises an identifier of said secure page;

said second message sends a redirection message from said server application to said client
application, wherein said redirection message comprises a redirected identifier of said secure
page;

said third message sends a subsequent request for said secure page from said server
application in response to said redirection message, wherein said subsequent request further
comprises said redirected identifier of said secure page; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

7. The computer program product according to Claim 6, wherein:

said first portion further comprises a security certificate of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.



8. The computer program product according to Claim 6, wherein:

said first portion further comprises an identification of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.

9. The computer program product according to Claim 7 or Claim 8, wherein said request for
a message encoding scheme further comprises a keyword indicating said request.

10. The computer program product according to Claim 9, wherein said set of information
comprises: zero or more parameters required for said secure page request; an identification of
said client application; a client nonce; and optionally including a timestamp.

11. The computer program product according to Claim 6, wherein said redirected identifier of
said secure page may be identical to said identifier of said secure page.

12. The computer program product according to Claim 1, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page;

said second message sends an authentication message from said server application to said
client application;

said third message sends a subsequent request for said secure page from said server
application in response to said authentication message; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

13. The computer program product according to Claim 12, wherein said authentication
message comprises a redirected identifier of said secure page, and wherein said subsequent
request further comprises said redirected identifier of said secure page.

RSW9-99-084

14. A system for establishing a secure, low-overhead connection between a client application
and a server application using existing message types in a computing environment having a
connection to a network, said system comprising:

means for piggy-backing a request for a message encoding scheme proposal onto a first
message sent from said client application to said server application, wherein said first message
uses a first existing message type;

means for piggy-backing a first portion of security information onto a second message sent
from said server application to said client application, wherein said second message uses a second
existing message type and wherein said first portion comprises a response to said request for a
message encoding scheme;

means for piggy-backing a second portion of security information onto a third message
sent from said client application to said server application, wherein said third message uses said
first existing message type; and

means for piggy-backing a third portion of security information onto a fourth message sent
from said server application to said client application, wherein said fourth message uses a third
existing message type.

15. The system according to Claim 14, wherein said first existing message type is a HyperText
Transfer Protocol (HTTP) GET message, said second existing message type is an HTTP
www-Authenticate message, and said third existing message type is a response to said HTTP GET
message.

16. The system according to Claim 14, wherein said first existing message type is a HyperText
Transfer Protocol (HTTP) POST message, said second existing message type is an HTTP
www-Authenticate message, and said third existing message type is a response to said HTTP POST
message.

17. The system according to Claim 14, wherein said first existing message type is a Wireless
Session Protocol (WSP) GET message, said second existing message type is a WSP
www-Authenticate message, and said third existing message type is a response to said WSP GET
message.

18. The system according to Claim 14, wherein said first existing message type is a Wireless
Session Protocol (WSP) POST message, said second existing message type is a WSP
www-Authenticate message, and said third existing message type is a response to said WSP POST
message.

19. The system according to Claim 14, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page;

said second message sends an authentication message from said server application to said
client application;

said third message sends a subsequent request for said secure page from said server
application in response to said authentication message; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

20. The system according to Claim 19, wherein said authentication message comprises a
redirected identifier of said secure page, and wherein said subsequent request further comprises
said redirected identifier of said secure page.



21. The system according to Claim 19 or Claim 20, wherein:

said first portion further comprises a security certificate of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.

22. The system according to Claim 19 or Claim 20, wherein:

said first portion further comprises an identification of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.

23. The system according to Claim 20, wherein said request for a message encoding scheme
further comprises a keyword indicating said request.

24. The system according to Claim 23, wherein said set of information comprises: zero or
more parameters required for said secure page request; an identification of said client application;
a client nonce; and optionally including a timestamp.

25. The system according to Claim 22, wherein said request for a message encoding scheme
further comprises a keyword indicating said request and wherein said set of information
comprises: zero or more parameters required for said secure page request; an identification of
said client application; a client nonce; and optionally including a timestamp.



26. The system according to Claim 20, wherein said redirected identifier of said secure page
may be identical to said identifier of said secure page.

27. The system according to Claim 14, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page;

said second message sends a redirection message from said server application to said client
application, wherein said redirection message comprises a redirected identifier of said secure
page;

said third message sends a subsequent request for said secure page from said server
application in response to said redirection message, wherein said subsequent request further
comprises said redirected identifier of said secure page; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

28. A method for establishing a secure, low-overhead connection between a client application
and a server application using existing message types in a computing environment having a
connection to a network, said method comprising the steps of:

piggy-backing a request for a message encoding scheme proposal onto a first message sent
from said client application to said server application, wherein said first message uses a first
existing message type;

piggy-backing a first portion of security information onto a second message sent from said
server application to said client application, wherein said second message uses a second existing
message type and wherein said first portion comprises a response to said request for a message
encoding scheme;

piggy-backing a second portion of security information onto a third message sent from
said client application to said server application, wherein said third message uses said first existing
message type; and

piggy-backing a third portion of security information onto a fourth message sent from said
server application to said client application, wherein said fourth message uses a third existing
message type.

29. The method according to Claim 28, wherein said first existing message type is a
HyperText Transfer Protocol (HTTP) GET message, said second existing message type is an
HTTP www-Authenticate message, and said third existing message type is a response to said
HTTP GET message.



30. The method according to Claim 28, wherein said first existing message type is a
HyperText Transfer Protocol (HTTP) POST message, said second existing message type is an
HTTP www-Authenticate message, and said third existing message type is a response to said
HTTP POST message.

31. The method according to Claim 28, wherein said first existing message type is a Wireless
Session Protocol (WSP) GET message, said second existing message type is a WSP
www-Authenticate message, and said third existing message type is a response to said WSP GET
message.

32. The method according to Claim 28, wherein said first existing message type is a Wireless
Session Protocol (WSP) POST message, said second existing message type is a WSP
www-Authenticate message, and said third existing message type is a response to said WSP POST

33. The method according to Claim 28, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page;

said second message sends an authentication message from said server application to said
client application;

said third message sends a subsequent request for said secure page from said server
application in response to said authentication message; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

34. The method according to Claim 33, wherein said authentication message comprises a
redirected identifier of said secure page, and wherein said subsequent request further comprises
said redirected identifier of said secure page.

35. The method according to Claim 33 or Claim 34, wherein:

said first portion further comprises a security certificate of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.

36. The method according to Claim 33 or Claim 34, wherein:

said first portion further comprises an identification of said server application;

said second portion further comprises a set of information encrypted using a public key of
said server application; and

said third portion further comprises a nonce of said server application, encrypted using a
public key of said client application.

37. The method according to Claim 34, wherein said request for a message encoding scheme
further comprises a keyword indicating said request.

38. The method according to Claim 37, wherein said set of information comprises: zero or
more parameters required for said secure page request; an identification of said client application;
a client nonce; and optionally including a timestamp.

39. The method according to Claim 36, wherein said request for a message encoding scheme
further comprises a keyword indicating said request and wherein said set of information
comprises: zero or more parameters required for said secure page request; an identification of
said client application; a client nonce; and optionally including a timestamp.

40. The method according to Claim 34, wherein said redirected identifier of said secure page
may be identical to said identifier of said secure page.

41. The method according to Claim 28, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page;

said second message sends a redirection message from said server application to said client
application, wherein said redirection message comprises a redirected identifier of said secure
page;

said third message sends a subsequent request for said secure page from said server
application in response to said redirection message, wherein said subsequent request further
comprises said redirected identifier of said secure page; and

said fourth message sends a response to said subsequent secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.

42. A method for establishing a secure, low-overhead connection between a client application
and a server application using existing message types in a computing environment having a
connection to a network, said method comprising the steps of:

piggy-backing a request for said server application to select a message encoding scheme
onto a first message sent from said client application to said server application, wherein said first
message uses a first existing message type; and

piggy-backing a first portion of security information onto a second message sent from said
server application to said client application, wherein said second message uses a second existing
message type.



43. The method according to Claim 42, wherein said first existing message type is a
HyperText Transfer Protocol (HTTP) GET message and said second existing message type is a
response to said HTTP GET message.

44. The method according to Claim 42, wherein said first existing message type is a
HyperText Transfer Protocol (HTTP) POST message and said second existing message type is a
response to said HTTP POST message.

45. The method according to Claim 42, wherein said first existing message type is a Wireless
Session Protocol (WSP) GET message and said second existing message type is a response to
said WSP GET message.

46. The method according to Claim 42, wherein said first existing message type is a Wireless
Session Protocol (WSP) POST message and said second existing message type is a response to
said WSP POST message.

47. The method according to Claim 42, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page; and

said second message sends a response to said secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.



48. The method according to Claim 47, wherein:

said request to select a message encoding scheme further comprises an identifier of said
client application, a nonce of said client application, and optionally including a timestamp; and

said first portion further comprises a set of information encrypted using a public key of
said server application.

49. The method according to Claim 48, wherein said set of information further comprises:

a nonce of said server application, encrypted using a public key of said client application;
and

a security certificate of said server application.

50. The method according to Claim 48 or Claim 49, wherein first message further comprises
zero or more parameters required for said secure page request.

51. A system for establishing a secure, low-overhead connection between a client application
and a server application using existing message types in a computing environment having a
connection to a network, said system comprising:

means for piggy-backing a request for said server application to select a message encoding
scheme onto a first message sent from said client application to said server application, wherein
said first message uses a first existing message type; and

means for piggy-backing a first portion of security information onto a second message sent
from said server application to said client application, wherein said second message uses a second
existing message type.

52. The system according to Claim 51, wherein said first existing message type is a HyperText
Transfer Protocol (HTTP) GET message and said second existing message type is a response to
said HTTP GET message.

53. The system according to Claim 51, wherein said first existing message type is a Wireless
Session Protocol (WSP) GET message and said second existing message type is a response to
said WSP GET message.

54. The system according to Claim 51, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page; and

said second message sends a response to said secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.



55. The system according to Claim 54, wherein:

said request to select a message encoding scheme further comprises an identifier of said
client application, a nonce of said client application, and optionally including a timestamp; and

said first portion further comprises a set of information encrypted using a public key of
said server application.

56. The system according to Claim 55, wherein said set of information further comprises:

a nonce of said server application, encrypted using a public key of said client application;
and

a security certificate of said server application.

57. The system according to Claim 55 or Claim 56, wherein first message further comprises
zero or more parameters required for said secure page request.

58. In a computing environment having a connection to a network, a computer program
product embodied on a computer readable medium readable by a computer in said environment,
for establishing a secure, low-overhead connection between a client application and a server
application using existing message types, said computer program product comprising:

computer-readable program code means for piggy-backing a request for said server
application to select a message encoding scheme onto a first message sent from said client
application to said server application, wherein said first message uses a first existing message
type; and

computer-readable program code means for piggy-backing a first portion of security
information onto a second message sent from said server application to said client application,
wherein said second message uses a second existing message type.

59. The computer program product according to Claim 58, wherein said first existing message
type is a HyperText Transfer Protocol (HTTP) GET message and said second existing message
type is a response to said HTTP GET message.

60. The computer program product according to Claim 58, wherein said first existing message
type is a Wireless Session Protocol (WSP) GET message and said second existing message type is
a response to said WSP GET message.



61. The computer program product according to Claim 58, wherein:

said first message requests a secure page from said server application, wherein said
request further comprises an identifier of said secure page; and

said second message sends a response to said secure page request to said client
application, wherein said response further comprises a content portion encrypted using a session
key generated by said server application.



62. The computer program product according to Claim 61, wherein:

said request to select a message encoding scheme further comprises an identifier of said
client application, a nonce of said client application, and optionally including a timestamp; and

said first portion further comprises a set of information encrypted using a public key of
said server application.

63. The computer program product according to Claim 62, wherein said set of information
further comprises:

a nonce of said server application, encrypted using a public key of said client application;
and

a security certificate of said server application.

64. The computer program product according to Claim 62 or Claim 63, wherein first message
further comprises zero or more parameters required for said secure page request.